The following fix was submitted by Mike Rhodes, [email protected]
Mike uses regdelete. You may also use reg, reg, or regedit.
For WINNT and (hopefully) WIN98/95 by Mike Rhodes email: [email protected] this fix is not warranted or guaranteed in any way.. Use the below changes for a Windows registery entries at your own risk! This was tested once under WINNT/REGEDIT only! This just might repair win95/98 user registers too! Some users may need to run REGEDIT32 instead of REGEDIT. (WIN98 users replace the name WINNT with WIN98/WIN95) What this does NOT fix... This does not repair all those nice PICTURE/SOUND files that have been corrupted with the VIRUS! In all likelyhood, you will need to DELETE ALL files that have the suffix of "vbs". So, file name "PICTURE.vbs" or "Multi.Media.sound.mp3.vbs" is probably corrupted and needs to be deleted... Run an Anti-Virus routine to clean these up. I used Norton AntiVirus and picked up the latest LIVEUPDATE from the internet. But, even Norton doesn't repair all the damage. (the possibles are: .vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, .wav, .txt, .gif, .doc, .htm, .html, .xls, .ini, .bat, .com, .mp3, and .mp2. ) To fix the WinNT Registery.. FIRST! CLOSE/stop your web browser (if opened/started) These entries will need to be deleted/removed regdelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32",dirsystem&"\MSKernel32.vbs" regdelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX",downread&"\WIN-BUGSFIX.exe" regdelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL",dirwin&"\Win32DLL.vbs" - here's how... WinNT - Start/Run/REGEDIT HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Name: MSKernel32 Data: c:\WINNT\system32\MSKernel32.vbs action: RIGHT CLICK on NAME "MSKernel32" action: Select "DELETE" (and confirm it) STEP 2.. FOLDER HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices If this NAME is the only name in "RunServices" then: Name: Win32DLL Data: c:\WINNT\Win32DLDL.vbs then, DELETE the FOLDER action: RIGHT CLICK on "RunServices" FOLDER and Select "DELETE" (and confirm it) If it is NOT the only NAME in RunServices then: delete only: NAME: Win32DLL action: RIGHT CLICK on NAME "Win32DLL" action: Select "DELETE" (and confirm it) Step 3.. DELETE (delete if found - may not be found) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Name: WIN-BUGSFIX Data: c:\WINNT\system32\WIN-BUGSFIX.exe action: RIGHT CLICK on NAME "MSKernel32" action: Select "DELETE" (and confirm it) This entry needs to be modified Step 1 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page action: RIGHT CLICK on NAME "Start Page" action: Modify change the Value Data to: http://www.microsoft.com (or some other friendly web site url) Click "OK" Now CLOSE REGEDIT +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ This is the data that is BAD. These entries need to be changed to a different "HOME PAGE". DO NOT USE THESE ENTRIES FOR YOUR HOME PAGE. (this is what causes more problems every time you open your web browser) regdelete "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"You might also want to check out Woody "Cure for Love" fix at http://www.woodyswatch.com/special/.regdelete "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe" regdelete "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe" regdelete "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ as a precaution!.. we cleared out the temporary internet file & history, cleared documents from the taskbar menu, emptied all the trash buckets, then re-booted, shutdown/restart style. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
0 comments
Hide comments